[libvirt-users] Reg: Difference between chroot & pivot_root

Hi,

What is the difference between chroot & pivot_root. They don't seem obvious based on the man pages apart from the below mentioned caveats.

1) Inherited Open file descriptors, have to be explicitly closed.
2) Does not change CWD of the process, which can be overcome by doing a chdir before & after chroot call.

Any information on this would be useful.

Thanks,
Alphonse

On Tue, Sep 06, 2011 at 01:02:14PM -0400, Alphonse Hansel Anthony wrote:
> Hi, What is the difference between chroot & pivot_root. They don't seem obvious based on the man pages apart from the below mentioned caveats.
> 1) Inherited Open file descriptors, have to be explicitly closed.
> 2) Does not change CWD of the process, which can be overcome by doing a chdir before & after chroot call.
> Any information on this would be useful.

I assume you are asking wrt the libvirt LXC driver, which uses pivot_root instead of chroot() when setting up the guest. The primary reason for this is that chroot() is escapable, whereas pivot_root() is not.

https://s3hh.wordpress.com/2011/05/31/escaping-chroots/

Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

Thanks a lot. This painted a good picture regarding the caveats involved.

-Alphonse

On Mon, Sep 12, 2011 at 7:14 AM, Daniel P. Berrange <berrange@redhat.com> wrote:
> On Tue, Sep 06, 2011 at 01:02:14PM -0400, Alphonse Hansel Anthony wrote:
> > Hi, What is the difference between chroot & pivot_root. They don't seem obvious based on the man pages apart from the below mentioned caveats.
> > 1) Inherited Open file descriptors, have to be explicitly closed.
> > 2) Does not change CWD of the process, which can be overcome by doing a chdir before & after chroot call.
> > Any information on this would be useful.
>
> I assume you are asking wrt the libvirt LXC driver, which uses pivot_root instead of chroot() when setting up the guest. The primary reason for this is that chroot() is escapable, whereas pivot_root() is not.
>
> https://s3hh.wordpress.com/2011/05/31/escaping-chroots/
>
> Regards,
> Daniel

On Tuesday, 6 September 2011, 19:02:14, Alphonse Hansel Anthony wrote:
> Hi, What is the difference between chroot & pivot_root.

As far as I know, chroot changes only the effective root for one newly started process and all the child processes it will start in the future, leaving all other processes unaffected, while pivot_root changes the root for the entire system, killing all other processes.

The last time I saw pivot_root in practical use, it was as part of some multi-staged boot-over-nfs process.

Guido

On Tue, Sep 13, 2011 at 03:05:32PM +0200, Guido Winkelmann wrote:
> On Tuesday, 6 September 2011, 19:02:14, Alphonse Hansel Anthony wrote:
> > Hi, What is the difference between chroot & pivot_root.
>
> As far as I know, chroot changes only the effective root for one newly started process and all the child processes it will start in the future, leaving all other processes unaffected, while pivot_root changes the root for the entire system, killing all other processes.

In the context of LXC, the pivot_root is done after switching into a private filesystem namespace (CLONE_NEWNS), so only the process doing the pivot and its children are affected, not the system as a whole.

Regards,
Daniel
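
The sequence described in the message above (enter a private mount namespace with CLONE_NEWNS, then pivot_root), as an added C example that is not code from this thread or from libvirt. `enter_new_root` is a hypothetical helper, the `pivot_root(".", ".")` idiom follows the pivot_root(2) man page, and the calling process is assumed to hold CAP_SYS_ADMIN.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <sched.h>
#include <stdio.h>
#include <sys/mount.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef CLONE_NEWNS
#define CLONE_NEWNS 0x00020000 /* Linux UAPI value, in case <sched.h> hid it */
#endif

/* Hypothetical helper (not libvirt code): 0 on success, -1 with errno set. */
int enter_new_root(const char *new_root)
{
    /* Private mount namespace: the mount changes below are seen only by
     * this process and its future children, not by the rest of the system. */
    if (syscall(SYS_unshare, CLONE_NEWNS) != 0)
        return -1;
    /* Stop mount and unmount events from propagating back to the host. */
    if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) != 0)
        return -1;
    /* pivot_root needs new_root to be a mount point: bind it onto itself. */
    if (mount(new_root, new_root, NULL, MS_BIND | MS_REC, NULL) != 0)
        return -1;
    if (chdir(new_root) != 0)
        return -1;
    /* Swap roots; the old root ends up stacked on "/" and is then detached,
     * so no path in this namespace leads back to the host tree. */
    if (syscall(SYS_pivot_root, ".", ".") != 0)
        return -1;
    if (umount2(".", MNT_DETACH) != 0)
        return -1;
    /* Descriptors opened earlier still reference the old tree; the caller
     * must close them, as the original question notes. */
    return chdir("/");
}

int main(int argc, char **argv)
{
    if (argc < 2 || enter_new_root(argv[1]) != 0) {
        perror("enter_new_root");
        return 1;
    }
    execl("/bin/sh", "sh", (char *)NULL); /* shell path inside the new root */
    perror("execl");
    return 1;
}
```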